Skip to content

deps(upgrade): bump actions/github-script from 6 to 7 #1368

deps(upgrade): bump actions/github-script from 6 to 7

deps(upgrade): bump actions/github-script from 6 to 7 #1368

Workflow file for this run

name: Build and test
on:
# Build PRs
pull_request_target:
types: [ opened, synchronize, reopened ]
paths-ignore:
- 'docs/**'
- '*.md'
- '**/*.md'
- '.github/workflows/bump*.yaml'
- '.github/workflows/docs.yaml'
- '.github/workflows/codeql*.yaml'
- '.github/workflows/command-*.yaml'
- '.github/workflows/clear-cache.yaml'
- '.github/workflows/deploy-tag.yaml'
- '.github/workflows/prepare-release.yaml'
# On push event
push:
# Build only changes pushed into the `master` branch -- avoids double builds when you push in a branch which has a PR.
branches:
- master
- pipeline
# Ignore documentation changes (Netlify will handle this)
paths-ignore:
- 'docs/**'
- '*.md'
- '**/*.md'
- '.github/workflows/bump*.yaml'
- '.github/workflows/docs.yaml'
- '.github/workflows/codeql*.yaml'
- '.github/workflows/command-*.yaml'
- '.github/workflows/clear-cache.yaml'
- '.github/workflows/deploy-tag.yaml'
- '.github/workflows/prepare-release.yaml'
workflow_dispatch:
# Currently you cannot use ${{ env.IS_FORK }} for some reason, which is why you might need to copy-paste some of these.
env:
REPOSITORY: ${{ github.repository }}
IS_FORK: ${{ github.event.pull_request.head.repo.fork == true }}
IS_PR: ${{ github.event_name == 'pull_request' }}
EVENT_NAME: ${{ toJSON(github.event_name) }}
# format: username:branch
PR_HEAD_LABEL: ${{ toJSON(github.event.pull_request.head.label) }}
PR_NUMBER: ${{ github.event.number }}
jobs:
build-and-test:
environment: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.fork == true && 'external-collaborators' || '' }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, windows-latest, macos-latest ]
java: [ 11, 17 ]
#os: [ ubuntu-latest ]
#java: [ 11 ]
steps:
- name: Show GitHub context
run: echo "$EVENT_NAME $REPOSITORY $PR_HEAD_LABEL $IS_PR $IS_FORK ${{ github.event.pull_request.head.sha || github.sha }}"
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha || github.sha }}
fetch-depth: '0' # 0 because of sonar needs git blame.
- name: Setup Java ${{ matrix.java }}
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java }}
distribution: "temurin"
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v3
with:
# The Gradle wrapper's version (already the default, putting it here to clarity)
gradle-version: wrapper
# Removing unused files from Gradle User Home before saving to cache (i.e. older versions of gradle)
gradle-home-cache-cleanup: true
# Cache downloaded JDKs in addition to the default directories.
gradle-home-cache-includes: |
caches
notifications
jdks
- name: Check if code is eligible for deploying snapshot version
id: deploy_check
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const manifest = JSON.parse(fs.readFileSync('.release-please-manifest.json'));
const data = {
"version": manifest["."],
"is_snapshot": manifest["."].toLowerCase().includes("snapshot"),
"matrix": "${{ matrix.os }}",
"jdk": "${{ matrix.java }}",
"is_fork": "${{ env.IS_FORK }}",
"branch" : "${{ github.head_ref || github.ref_name }}"
}
const is_deployable = data.matrix == "ubuntu-latest" && data.jdk == "11" && data.is_fork == "false" && data.branch == "master" && data.is_snapshot == true
console.log("Data: ", data);
console.log("Is deployable: " + is_deployable);
return {
version: data.version,
is_snapshot: '' + data.is_snapshot,
is_deployable: '' + is_deployable
}
- name: Setup key
uses: crazy-max/ghaction-import-gpg@v5
if: ${{ fromJSON(steps.deploy_check.outputs.result).is_deployable == 'true' }}
with:
fingerprint: ${{ vars.GPG_FINGERPRINT }}
gpg_private_key: ${{ secrets.GPG_KEY }}
passphrase: ${{ secrets.GPG_PASS }}
trust_level: 5
- name: Build and test
env:
S3FS_BUCKET_NAME: ${{ secrets.S3FS_BUCKET_NAME }}
S3FS_ACCESS_KEY: ${{ secrets.S3FS_ACCESS_KEY }}
S3FS_SECRET_KEY: ${{ secrets.S3FS_SECRET_KEY }}
S3FS_REGION: ${{ secrets.S3FS_REGION }}
S3FS_PROTOCOL: "https"
run: ./gradlew build jacocoTestReport -PwithSignature=${{ fromJSON(steps.deploy_check.outputs.result).is_deployable }} --warn --stacktrace
- name: Publish code analysis to Sonarcloud
# [WARNING] The version of Java (11.0.21) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17.
if: ${{ matrix.os == 'ubuntu-latest' && matrix.java == '17' }}
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
S3FS_PUBLISH_SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
S3FS_PUBLISH_SONAR_BRANCH: ${{ github.event_name == 'pull_request_target' && '' || github.head_ref || github.ref_name }}
S3FS_PUBLISH_SONAR_PR_NUMBER: ${{ env.PR_NUMBER }}
S3FS_PUBLISH_SONAR_PR_BRANCH: ${{ github.event.pull_request.head.ref }}
S3FS_PUBLISH_SONAR_PR_BASE: ${{ github.event.pull_request.base.ref }}
run: ./gradlew sonar
continue-on-error: true
- name: Check file signature
if: ${{ fromJSON(steps.deploy_check.outputs.result).is_deployable == 'true' }}
run: |
ls -al ./build/libs/
for f in ./build/libs/*.asc; do
echo "Verifying $f"
gpg --verify $f
done
# Publish snapshot only when on master branch, version is actually snapshot and from just one of the matrix jobs.
- name: Publish snapshot (only on master branch)
if: ${{ fromJSON(steps.deploy_check.outputs.result).is_deployable == 'true' }}
env:
S3FS_PUBLISH_SONATYPE_USER: "${{ secrets.S3FS_PUBLISH_SONATYPE_USER }}"
S3FS_PUBLISH_SONATYPE_PASS: "${{ secrets.S3FS_PUBLISH_SONATYPE_PASS }}"
run: |
./gradlew publish